Date post: 17-Aug-2015

Teesside University

COM2057 Networks and Systems Administration

Upgrading the Existing Local Network of a Trading Company

Philip Martin N3098463

Contents

1. Introduction
2. Understand What Reliance Want
3. Network Analysis & Detail
4. Network Design & Subnetting
5. Network Implementation
6. Costing Table
7. Policies
8. Conclusion
9. Bibliography


Introduction

Reliance is one of the leading trading and financial institutions in the UK today and is in need of a new, updated network. The network will be built on the requirements that the company has given me. I understand they want a high-performing and very stable network; this means a lot of choices will have to be made, given the technology available on the market today. I will be looking for the best solution that meets every criterion, especially the TCO (Total Cost of Ownership).

Understanding What The Company Wants

Looking through the requirements of what the company wants, I see the following 3 aspects as the main goals that the network must be built around:

- A solution that meets our needs for the foreseeable future.
- A network that will be cost effective to run and provide a lower Total Cost of Ownership (TCO).
- Higher performance and higher availability.

Before a decision is made these points will be taken into consideration; once all three aspects are met, the final decision can be made.

Network Analysis

Based on the current specifications given, I see that some equipment is fine and does not need to be changed; however, some hardware and software could be upgraded. The upgrades that need to be made will cost a fair amount, for example to train staff and install new technologies; therefore I believe the current environment will be improved. Here are some of my ideas on how to improve the technical requirements:

Currently running with Windows XP on the desktop

Currently Windows XP doesn’t support IPv6, which will be a big downfall if the network were to be increased. Later on the network may need to implement IPv6 when it eventually makes its final breakthrough; however, with Windows XP this cannot be done. My best option would be to have Windows 7 installed onto desktop PCs, as it has IPv6 compatibility and it is also one of the most stable operating systems on the market and, in my opinion, one of the simplest to use.

Currently Servers are a mix of Windows and Linux

It’s not a bad idea to have some servers with Windows and some with Linux; the only thing to be careful about is to keep on top of updates and look out for improved versions of each OS. Linux has proven itself to be a very stable OS, which is unlike Microsoft as they report problems on regular occasions. But both still provide services that the other can’t. For example, TechTarget explains server OS authentication: “Windows Active Directory is a full authentication and authorization platform that integrated applications, users, computers and other resources. Linux alternatives to Active Directory don't have the same support” (van Vugt and Posey, 2014).

Another point to consider is the cost, which is a major factor here. Linux software is free whereas Microsoft always has a price, but to have a variation of the two is good. The only thing to be aware of is to always keep them updated.

Currently Using TCP/IP – currently using IPv4

Looking at the subnetting, I believe IPv4 is still the answer; if expansion is needed then everything will be set up for a quick and simple changeover to IPv6, but research shows that IPv6 won’t be coming anytime soon. TCP/IP is one of the most common protocol suites used today. It’s stable, well-established and also complete. This set of protocols can only make a network such as this much better, and with a new network being established we can use this set of protocols to its full use. TCP has good failure recovery, the ability to add networks without interrupting existing services, high error-rate handling and also low data overhead. These all add up to make my mind clear about still using TCP/IP.

Network details

Using old Layer 2 switches, and router.

I believe Layer 3 switches are essential to the new structure. A layer 3 switch supports routing; a layer 2 switch only knows Ethernet. Installing layer 3 switches brings the idea of VLANs to mind, which wouldn’t be an option with a layer 2 switch. A layer 2 switch is still useful to connect all the hosts together in one subnet, but for my design I think VLANs are essential, so I think layer 2 switches are not needed. I will have two switches at the parent subnet to connect all the subnets together and also to connect them to the routers. I believe that with the number of subnets I have we should be installing two routers. This isn’t a massive upgrade but it’s more than enough for the traffic. It is also useful if one were to go down, as one router can still handle all the traffic.

OSPF or EIGRP for internal routing

I still believe that Open Shortest Path First is an efficient protocol to use on the network. Even though it’s quite old and other protocols such as RIP (Routing Information Protocol) can be used instead, I still believe OSPF is a much safer and more secure protocol. TechTarget also explains that “OSPF supports a variable network subnet mask so that a network can be subdivided” (Rouse, 2011), which will be useful in the network.

TechTarget tells us that “EIGRP (Enhanced Interior Gateway Routing Protocol) is a useful network protocol that lets routers exchange information more efficiently” (Rouse, 2012). This is brilliant for this type of scenario, so that the speeds can match the speeds needed by the company, as the transactions need to be completed very, very quickly. Therefore I believe these two protocols are correct for the internal routing.

ISDN for Internet connection

ISDN is no longer as popular an option as it was formerly. In many networks DSL and cable modem service are now the preferred option. Because ISDN is no longer a popular option, services are less likely to be offered for it or to support it. It’s best to have a more common option which is well used and works well. Therefore I would choose cable modem for the Internet connection.

Performance

People have different views on what hardware is best to use, and a lot are due to biased reasons. If you were to ask a Linksys employee what’s best, it’s always going to be a Linksys product; therefore you need something that is well known in the computing world and that has proved to be the best at its job.

Hardware selected for networking these days needs to support current standards and also newer standards; this is to keep the network compatible and also ready for faster technologies in the future. For example, layer 2 switches are still available on the market even though layer 3 is today’s best available switch on the market; people sometimes go for a layer 2 switch as a cheaper option or for simple connections.

Cabling is another material that can improve performance. As fibre optics is gradually being distributed, it’s still one method of cabling not to frown upon when building a network, but these days shielded twisted pair is the most common and successful method of cabling, with Cat6 being the best option but not the cheapest. Using such cabling will also allow for good bandwidth, which means transactions can be completed instantly.

As shown, nothing major needs to be changed on the network; most of it is replacing minor problems with newer solutions that can withstand much more than the requirements Reliance want. The other enhancements I explained above make me believe I can make this network meet the needs of what Reliance want and also give them the best network experience possible. For this reason I can see nothing going wrong with the performance.

Availability

Availability on a network has to be at its best, especially on a business network; imagine the customer satisfaction dropping, or even the financial earnings of the company dropping, because of something such as system downtime. Availability is always high in the pecking order when building such high-quality structures, and this is to be no different.

For a company that deals with financial services for a wide range of British businesses, very high security and monitoring need to be implemented: tools such as packet detectors, which will look for odd-looking data or data from an unknown source and alert the management team. Security suites are also necessary for high-quality protection against hackers.

However, it’s not all about security issues here. The network is going to need switches and, as I’ve already brought up, I believe Layer 3 is the best solution. I also believe that creating a stacking situation on the network, which looks a little like a mesh topology, is the best idea. I’m going to have layer 3 switches in each subnet and also two in the parent subnet to connect each subnet together; therefore, if one is to go down, there is no downtime as the network will still be set up to work.

Security

A lot of top businesses, especially ones that deal with finances, spend a lot of money on security measures without proper research or getting a network solutionist to give them solutions for their needs. A lot of money could be saved by knowing a lot about computers; for example, a lot of open source programs can do the same as those of well-known companies that charge unbelievable prices. After looking at what Reliance want, here are my ideas:

- Secure external link to the internet: creating a secure link to the internet is easy with basic features used today. Things such as firewalls can make the link secure by opening certain ports which can only be accessed by the host. Everyone else will be blocked.
- Secure connection for remote workers: people who work off-site can easily access their desktop with full confidentiality and extremely securely. A VLAN used here is great as it creates a secure connection using the power of encryption, so nobody can access any data being passed. This again backs my idea for Layer 3 switches.

Intrusion detection and prevention systems (IDPS) are a good addition to a network. They both monitor network traffic and/or system activities for malicious activity. Intrusion prevention systems are able to block intrusions that are detected. They can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and also blocking the traffic from the offending IP address.

Cost

When creating a network there are going to be many costs involved, such as purchasing, repairs, maintenance, upgrades, security, user training and software licensing. I believe that this shouldn’t be a financial struggle for such a high-calibre company. I cannot guarantee that the overall TCO is going to be a lot cheaper; however, I can guarantee that it will be cheaper. One of the major areas where Reliance will save money is power usage.

The open source programs I mentioned earlier are such small programs that they hardly use power; they can just be lightly running in the background until they find something. Layer 3 switches will be implemented for VLANs and also to meet future demands.

I can see that the running costs of the network are definitely not going to be as big as the implementation costs; this makes the network a great investment for the company by introducing new standards and new networking techniques.

Subnetting ideas

The network I plan to build will have eight subnets. The subnets are not each assigned to a separate area of the network. Some of the subnets will cover one area between them; for example, subnets 1, 2, 3 and 4 all cover the traders. The idea I have is to have two powerful routers connected to 2 Layer 3 switches, which will then connect to each subnet. This lowers the risk of network availability dropping, and they can also be configured so that one uses less power when both are online. The company want 200 customer IP addresses, so my idea is to split them equally into 4 subnets. I thought this might be a slightly wasteful idea as many IP addresses go unused; after much research I realised that there is nothing wrong with an idea such as this, as the spare IPs could be used for expansion later on.

Network Design

After looking at the documentation from Reliance I’ve created a design that I believe will give them the best performance and availability possible. Once I had thought about which way I would approach the design, I finally came up with a very strong and stable one. I then put my ideas into action and created a brief overview of the network (Figure 1).

(Figure 1)

The first thing you will see is that I haven’t yet thought about the back-up site, and I think it would be best to make that decision when implementing the network. This way I can see the volume of traffic and then base the backup design around those results.

When building the design I had the TCO as the top achievement I had to meet. This was a struggle when deciding what edge network devices to include. I came to the conclusion that one router would be good enough to handle the onsite network, with two switches to connect all the subnets together. The reason for two is to keep the network running if one were to fail. The router would be connected to the ISP, and that’s why I’ve implemented a firewall before anything from the internet can be passed onto the private network.

After describing my ideas for the subnets, my final decision was to have 8 subnets: 4 for the Traders/Customers, 1 each for the Printers, Managers and Support staff, and finally a separate subnet for the servers. This for me is a better way, so that the servers are only used when needed. The offsite servers will also be included in the server subnet but not situated inside.

I believe this design will tick all the boxes for Reliance and will also deliver the speeds necessary. When implementing the network, however, I believe I will make some slight changes to get the best speeds possible and also to last the 5 years wanted by the company before anything needs to be replaced again.


Subnetting

Figure 2

| Subnet | Address | Subnet mask | 1st usable host | Last usable host | Broadcast address |
|---|---|---|---|---|---|
| 1 | 192.168.10.0 | /26 | 192.168.10.1 | 192.168.10.62 | 192.168.10.63 |
| 2 | 192.168.10.64 | /26 | 192.168.10.65 | 192.168.10.126 | 192.168.10.127 |
| 3 | 192.168.10.128 | /26 | 192.168.10.129 | 192.168.10.190 | 192.168.10.191 |
| 4 | 192.168.10.192 | /26 | 192.168.10.193 | 192.168.10.254 | 192.168.10.255 |
| 5 | 192.168.11.0 | /27 | 192.168.11.1 | 192.168.11.30 | 192.168.11.31 |
| 6 | 192.168.11.32 | /27 | 192.168.11.33 | 192.168.11.62 | 192.168.11.63 |
| 7 | 192.168.11.64 | /28 | 192.168.11.65 | 192.168.11.78 | 192.168.11.79 |
| 8 | 192.168.11.80 | /29 | 192.168.11.81 | 192.168.11.86 | 192.168.11.87 |

I believe using Class C addressing was the best option for this network as it had a sufficient number of hosts. Using Class A or B would be stupid, as 65,000 users (which is what a Class B IP address can assign) aren’t really necessary for a network that needs fewer than 300. So for me this was an easy choice and it didn’t take much time to make my final decision.

As you can see in Figure 2, I finally came to the decision that I would use 8 subnets. As you can see at the bottom of Figure 3, I have split the users as efficiently as I thought possible. At first my idea was to only have 5 subnets, which meant that the majority of the traders were all going into one subnet. This would be a bad decision, as there is the possibility of that subnet going offline, and being part of a bank this could mean a major drop in finances. The idea was to avoid leaving unused ports on the network, but after research I realised that leaving some unused isn’t such a bad idea.

Other than the customers, users such as support staff, management staff and also printers were quite easy to subnet. Each of them would fit perfectly into the range of hosts available without many unused IP addresses left over.
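A check of the Figure 2 addressing plan, added here as an example (it is not part of the original report): it recomputes each row's host range from the CIDR, looks for overlapping subnets, and compares capacity with the device counts the report gives. Placing the 20 printers in subnet 5 and all 7 servers in subnet 8, and reserving one gateway address per subnet, are assumptions.

```python
import ipaddress
from itertools import combinations

# Rows transcribed from Figure 2: (subnet id, CIDR, first host, last host, broadcast).
FIGURE2 = [
    (1, "192.168.10.0/26",   "192.168.10.1",   "192.168.10.62",  "192.168.10.63"),
    (2, "192.168.10.64/26",  "192.168.10.65",  "192.168.10.126", "192.168.10.127"),
    (3, "192.168.10.128/26", "192.168.10.129", "192.168.10.190", "192.168.10.191"),
    (4, "192.168.10.192/26", "192.168.10.193", "192.168.10.254", "192.168.10.255"),
    (5, "192.168.11.0/27",   "192.168.11.1",   "192.168.11.30",  "192.168.11.31"),
    (6, "192.168.11.32/27",  "192.168.11.33",  "192.168.11.62",  "192.168.11.63"),
    (7, "192.168.11.64/28",  "192.168.11.65",  "192.168.11.78",  "192.168.11.79"),
    (8, "192.168.11.80/29",  "192.168.11.81",  "192.168.11.86",  "192.168.11.87"),
]

# Device counts stated in the report: 50 workstations in each of subnets 1-4,
# 20 printers and 7 servers (costing table). Assumption: the printers sit in
# subnet 5 and all 7 servers in subnet 8. Subnets 6 and 7 have no stated count.
DEMAND = {1: 50, 2: 50, 3: 50, 4: 50, 5: 20, 8: 7}


def summarize(cidr):
    """Derive the usable host range of an IPv4 subnet from its CIDR notation."""
    # strict=True raises ValueError if the address has host bits set,
    # i.e. the subnet does not start on a boundary matching its prefix.
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 2,  # minus network and broadcast
    }


def check_rows(rows):
    """Return ids of rows whose listed range disagrees with their CIDR."""
    bad = []
    for sid, cidr, first, last, bcast in rows:
        try:
            s = summarize(cidr)
        except ValueError:
            bad.append(sid)  # misaligned network address
            continue
        if (s["first"], s["last"], s["broadcast"]) != (first, last, bcast):
            bad.append(sid)
    return bad


def find_overlaps(rows):
    """Return pairs of subnet ids whose address ranges overlap."""
    nets = [(sid, ipaddress.ip_network(cidr, strict=False))
            for sid, cidr, *_ in rows]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]


def capacity_shortfalls(rows, demand, reserved=1):
    """Return {id: (addresses needed, usable)} for subnets that are too small.

    reserved is the number of addresses set aside per subnet for the
    layer 3 gateway interface (an assumption, not stated in the report).
    """
    short = {}
    for sid, cidr, *_ in rows:
        if sid not in demand:
            continue
        needed = demand[sid] + reserved
        usable = summarize(cidr)["usable"]
        if needed > usable:
            short[sid] = (needed, usable)
    return short


if __name__ == "__main__":
    print("rows that disagree with their CIDR:", check_rows(FIGURE2))
    print("overlapping subnets:", find_overlaps(FIGURE2))
    print("capacity shortfalls:", capacity_shortfalls(FIGURE2, DEMAND))
```

Under these assumptions every row of Figure 2 is consistent and no subnets overlap, but subnet 8 is flagged: a /29 has 6 usable addresses, fewer than the 7 servers listed in the costing table.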

Figure 3

Network Implementation

I’ve taken my design and implemented it in simulation software called OPNET; the program runs the network and looks at multiple statistics. Results such as delay and server traffic will become very useful when picking the right technology to install on the network. When using the software more decisions need to be made, such as cable types and what type of server to use, and I’ve picked the best for the situation. This is the model I eventually created:

As shown, the model has extra facilities installed such as the backup sites; these are definitely needed just in case the worst did happen. All links are connected using 1000BaseX cabling except the connection between the ISP and routers, as this required PPP DS3. In my opinion these methods would ensure the fastest speeds possible.

Each subnet is the same as I initially designed, and here they are implemented in the software:

Subnet Design for Subnets 1,2,3,4

This is the design for the first 4 subnets; it includes 50 workstations that are all connected to the layer 3 switch in the middle of the configuration. The switch is then connected to the 2 base layer switches. All connections here are again made using 1000BaseX. These four subnets make sure all the customers are accommodated on the network. Not shown in the diagram, I have also created a VLAN which makes a secure connection for remote workers, which I will talk about later in the report.

Subnet Design for Subnet 5

Similarly to the previous subnets, this is virtually the same design; however, the nodes are now printers. Again they are connected to a layer 3 switch, which connects to the base level switches. In the simulation we can collect information on traffic received by users.

Subnet Design for Subnet 6

For Subnet 6 we can now see how each node is connected to the switch, as it is clearer to see. This works in the same way as the first 4 subnets, just with fewer users. However, the profile settings are different. As support staff they will be able to access each server and have the equivalent rights to those an administrator would have.

Subnet Design for Subnet 7

Subnet 7 also has the same priorities as subnet 6. This is now the management staff, who should be able to control things on the network and access everything related to the network. Again all the connections are the same.

Subnet Design for Subnet 8 (Servers)

This in my opinion is recognised as the main subnet; it includes each server, each of which delivers a different service. Each of them is extremely important to the network; without these the business would not run correctly or would run with main features missing.

Back-up Site

The back-up site is very important to have in case anything was to happen; the structure is needed to comply with the disaster recovery plan. I plan for these to still be connected to the network, so not too far away from the site but not in the same building. This arrangement has more than one back-up to make 99.9% sure that there is always something in place to recover the network. Later on the company could possibly think about making the back-ups wireless or even cloud based.

Results of Simulation

After the network was finally constructed it was time to run the simulations. It would then be possible to receive the data and use it to our advantage to change things and improve them if required. This is what I received in my findings.

Ethernet Delay

Firstly I thought it would be good to check the Ethernet delay on the network, so that it meets the performance speeds required on the network.

Here we see that the delay over 30 mins is extremely good. I believe that Reliance wanted transactions completed in less than 1 millisecond and, as shown in the graph above, the longest delay on the network is 0.00033 seconds, which calculates to 0.32 milliseconds. This is 2x quicker than what Reliance wanted and this was a great way to start.

Packet loss

On a network you want your packet loss to be as low as possible. But it’s very hard not to lose any packets at all, and I believed this was going to be the case on this network until I saw the results.

I believe that the first 5 mins was the network simulating for the first time and also many servers sending data at the same time; however, after this period the results are perfect. 0 packet loss is what any financial company would dream of in their network, and I’ve been able to establish this on the network.

Data Sent & Received on the Servers

It’s always important to see if you have correctly assigned and configured your servers, and this is what this test was for. Each server was assigned different attributes, which were to communicate with different subnets, and this was the result.

This graph shows us that the servers were correctly configured and also shows us the amount of data they are sending. In my opinion each server did its job correctly and they seem to be in good working order.

Protocol Traffic

This test will show us how the data on the network is travelling to and from each server. Here I wanted to see the traffic sent and traffic received for each protocol to see if they matched up with each other. The following protocols were tested: HTTP, FTP, E-MAIL, PRINT, DATABASE.

We can see here that these protocols and servers are working perfectly; however, I did encounter a problem. The database server wasn’t configured correctly, as no one on the network was assigned to use it. I went over each user and correctly reassigned profiles, tested again, and finally the database server responded as shown below.

VLAN

For the customer subnets I created a VLAN from the switch so that remote users could connect safely to the network from the outside. I thought it would be a good idea to check the stats on this as well, to see if it was what the company were looking for. At first I thought each subnet was going to have layer 2 switches, but I decided that installing layer 3 switches would be an investment in the 5-year plan Reliance had, and by doing this VLANs could be created. So I ran the tests and here is what I got.

This graph shows that the VLAN will now work and can be implemented in all subnets where Reliance may want this technology.

Costing Table

| Equipment | Price | Description |
|---|---|---|
| 10 x 32 port switches (2 each for the first 4 subnets, then 1 each for subnets 5 & 6) | £250 - £2,000 | It’s much cheaper to stack two 32-port switches than it is to actually buy one 64-port switch. This will add to the network’s redundancy to make sure it’s running 99.9% of the time. |
| 3 x 16 port switch | £50 - £250 | This type of switch is not as common as a 32 or 64 port one; this is probably why the price isn’t as expensive. It also comes down to the wider range available on the market. |
| 1 x 8 port switch | £30 - £200 | 8 port switches are possibly the cheapest ones available. People even use these in small offices and they work very well. I would say that a mid-priced switch would be the best choice here. |
| 7 servers | £200 - £700 | The servers are essential on the network; we need to think which one is the most important on the network. I would say the HTTP server is going to have to be a high-quality server to manage all the traffic. |
| 2 routers | £100 | 2 routers are the main feature of this network that basically makes it run. One router will control the onsite traffic and the other will be connected to the back-up sites. The backup sites will be accessible to the onsite network through the ISP. A gigabit router with at least 4 ports will be acceptable for this network. |
| 220 workstations (number of workstations represents each node on the network and not exactly how many Reliance need to buy) | £100 - | If Reliance finds that some of the workstations they currently have are not efficient enough or up to standard, I found that good workstations can be bought for about the £100 mark. |
| 20 printers | £40 - £200 | I believe all printers on today’s market have network compatibility, so it just goes by what variation of printers the company wants. I would say that a laser printer is the best, but these are also quite expensive printers. So it’s up to what the company really wants. |
| Cat6 twisted pair | £80 (bulk ordering will reduce price) | It’s best to buy a few big reels full of cable so that, when building the network, the builders can cut the cable to size; this is better than buying millions of individual cables. |

Policies

Disaster Recovery

A Disaster Recovery plan describes how an organization is to deal with potential disasters. Ivy Wigmore from TechTarget goes on to say ‘Just as a disaster is an event that makes it impossible to continue working as normal, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume normal functions. Typically, disaster recovery planning involves analysing the processes the business continuity needs’ (Wigmore, 2011). A disaster recovery plan is needed in every network and in this one I have it covered. The two offsite servers will have all data saved onto them on a daily basis and are always ready to be re-uploaded onto the network once things have been fixed.

Ethical

On a network, ethical issues cannot be frowned upon. I have decided to implement some tools to make sure that everyone follows the legal legislation. I believe the management staff should be able to look at what everyone seems to be doing on the network. This way they can make sure policies are being followed. They should be able to monitor e-mail traffic and Internet browsing. By them checking these it makes the network a safer place. The management staff also need to put policies in place, for example a password change policy so that passwords are changed on regular occasions, just in case someone has been able to crack your password.

Backup

Making backups is essential to make sure the network’s backup sites are always updated, and policies are in place so the network will make backups to these sites every so often. Near enough every network should have one of these in place so everything can be restored within a certain timeframe. The timeframe will have been negotiated with companies associated with Reliance.

Seven Tiers of recovery

Depending on what tier of recovery an organisation adopts (the higher the better), this method of recovery can prove to be the most sophisticated compared to the above two. Below I will speak about the seven tiers of recovery. Hddrecovering.com covers the 7 tiers of recovery and I’ve summarised them into these bullet points:

- Tier 0 – No data or systems backup; disaster recovery has not been considered
- Tier 1 – Backups are transported to an off-site storage location; takes time for recovery
- Tier 2 – Backups are sent to an offsite location, which acts as a recovery centre
- Tier 3 – Backups are transmitted to electronic tape or disk vaults
- Tier 4 – Uses disk technology to make more frequent ‘snapshot’ copies of data
- Tier 5 – Critical data is kept synchronised between the business and its recovery centre
- Tier 6 – Data is mirrored in real-time using various forms of disk technology
- Tier 7 – Building on Tier 6, but recovery procedures are automated to reduce delays

(7 Tiers of Data Recovery, 2011)

I believe I put this network onto a Tier 6 recovery, which is a good choice in my opinion and will have the network back online in no time.

Conclusion

As I’ve now tested the network I have built, I believe I’ve created the perfect network that meets all the requirements that Reliance wanted. The network should last longer than the 5 years Reliance wanted and is also very flexible to changes. The only thing I would say to Reliance is to always keep on top of their updates, and nothing should go wrong. After looking over the cost of the network I believe that the total running costs will be significantly lower due to. Overall I am happy with the structure and believe that Reliance will accept my ideas and use them on the network.

References

7 Tiers of Data Recovery (2011) HDDRecovering. Available at: http://hddrecovering.com/2011/7-tiers-of-data-recovery-software-aspects/ (Accessed: 23 January 2015).

Microsoft (no date) TCP/IP settings. windows.microsoft.com. Available at: http://windows.microsoft.com/en-gb/windows/change-tcp-ip-settings#1TC=windows-7 (Accessed: 8 January 2015).

Rouse, M. (2011) OSPF (Open Shortest Path First). TechTarget. Available at: http://searchenterprisewan.techtarget.com/definition/OSPF (Accessed: 21 January 2015).

Rouse, M. (2012) EIGRP (Enhanced Interior Gateway Routing Protocol). TechTarget. Available at: http://searchnetworking.techtarget.com/definition/EIGRP (Accessed: 21 January 2015).

Van Vugt, S. and Posey, B. (2014) Choosing the best server OS: Linux vs. Windows comparisons. TechTarget. Available at: http://searchdatacenter.techtarget.com/tip/Choosing-the-best-server-OS-Linux-vs-Windows-comparisons (Accessed: 8 January 2015).

Wigmore, I. (2011) disaster recovery. TechTarget. Available at: http://whatis.techtarget.com/definition/disaster-recovery (Accessed: 23 January 2015).

